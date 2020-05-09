Today is one of those days when it is much easier to understand the importance of security patches: Through a firmware update, Samsung has fixed a critical security breach that has affected each and every one of the Galaxy mobiles launched since 2014.

As they explain on the ZDNet portal, it has been Mateusz Jurczyk, a security researcher from Google’s Project Zero team, who was in charge of highlighting this vulnerability. The security flaw in question is present in Samsung mobiles with any version of Android released from 2014 and modified by the company. This is a critical vulnerability, which would allow attackers to run malicious code on devices, without the need for user interaction.

May security patch fixes issue

According to the researcher, the vulnerability gave attackers control to execute their own code on the victims’ Samsung devices, through the sending various multimedia messages –MMS–. Since Android, by default, redirects all the images received through these types of messages to the “Skia” library to be processed, the user could not prevent these files from being stored on the device. Apparently, only the Samsung terminals were affected by this problem, since the South Korean is the only brand that decided to make modifications to the Android code to support the Qmage image format –By default, Android does not include support for this format.

In a video published by the researcher, you can see how “simple” was the process to take advantage of this vulnerability, present in the native Samsung messaging application included in all the company’s terminals. However, he explains that it is possible that the attack could be replicated in other apps included by Samsung on its terminals.

Through the various multimedia messages sent, the attacker was able to locate the “Skia” library in the device storage, to later send a last MMS with the necessary exploit to allow the execution of your own code. As if that wasn’t enough, he also explains that these types of attacks could have been carried out silently:

“I’ve found ways to completely process MMS messages without triggering a notification sound on Android, so completely stealthy attacks could be possible.”

The vulnerability was discovered in the month of February, and was reported to Samsung at the time. After a couple of months of work, Samsung has claimed to have Fixed issue with May security update, released by Google on the first Monday of this month, but that for a little over a week already began to reach the first terminals of Samsung, and little by little it should spread throughout its catalog.

In case you want to know more information about how the vulnerability was discovered, and the steps taken to take advantage of it and get to place and execute code on Samsung devices, Jurczyk offers a full technical report with all the details of the investigation.

